Introspy(iOS) - Tool For Blackbox iOS App Analysis

Introspy(iOS) is a Blackbox tool that you can use to understand what an iOS application is doing at runtime and identify potential security issues. The tool comprises two separate components: Introspy-iOS(tracer) and Introspy-Analyzer.
Introspy-iOS is basically a simple program that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage or protection, networking, and user privacy. The call details are all recorded and persisted in an SQLite database on the device.

This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Once installed, Introspy-iOS will store in an SQLite database all calls made by iOS applications to security-sensitive APIs.

It allows you to choose which iOS App should be monitored:

It also allows you to choose which APIs should be recorded:

Introspy-iOS can also be configured to log all profiled calls to the console in real time:

INSTALLATION

1. Download the latest Introspy-iOS pre-compiled Debian package (download link is at the end of this article).

There should be two new menus in the device's Settings. The Apps menu allows you to select which applications will be profiled while the Settings menu defines which API groups are being hooked.

4. Finally, kill and restart the App you want to monitor.

If you want to uninstall the program, use this command:

dpkg -r com.isecpartners.introspy

If you want to modify the library's functionality, you have to build the Debian package yourself. Here is how to do it:

Note: This requires Theos suite. Also, set the $THEOS variable in your environment, and export it.

export THEOS=/absolute/path/to/theos
export PATH=$THEOS/bin:$PATH

Then, the package can be built using:

make package

Once you've successfully created the Debian package, you can use Theos to automatically install the package and respring the device by specifying the device's IP address in the THEOS_DEVICE_IP environment variable:

Why I started this blog?

I started this blog to share my passion with the world. Now it is a part of my daily life. I have a tech blog too, but this one is my favourite, because I really, really like to talk about hacking and security.